Isolate Infected Systems

Magic Quadrant Leader

Best UTM Security Solution

See Hidden Risks and Threats

Like you’ve never seen before

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls.

Take it for a test drive.

Stop unknown threats. Dead.

XG Firewall offers the best protection against the latest advanced threats like ransomware, cryptomining, bots, worms, hacks, breaches and APTs.

Powerful Sandstorm sandboxing

Deep learning with artificial intelligence

Top performing IPS

Advanced threat and botnet protection

Web protection with dual AV, JavaScript emulation and SSL inspection

Powered by Deep Learning

An industry first, XG Firewall integrates Deep Learning technology into our Sophos Sandstorm sandboxing. It’s been developed by data scientists at SophosLabs to deliver the industry’s best detection rates without using signatures. It catches previously unseen malware lurking in suspicious payloads quickly and effectively. It’s just one of the ways that XG Firewall stops unknown threats dead in their tracks.

Intercepting Exploits

XG Firewall integrates some of the best technology from our leading Intercept X next-gen endpoint protection like exploit prevention and CryptoGuard Protection to identify malware exploits and ransomware before it gets on your network. Combined with our top performing Intrusion Prevention System (IPS) it doesn’t matter whether a hacker is trying to exploit a network vulnerability or an endpoint vulnerability, XG Firewall will stop it cold.

Keep Your Network Under Control

A breakthrough in application visibility and control.

Synchronized App Control

Automatically identifies hundreds of unknown, evasive, and custom Windows and Mac applications to easily prioritize the apps you want, and block the ones you don’t.

CASB and Cloud App Visibility

Cloud Application Visibility identifies all browser applications and cloud services to identify Shadow IT and data at risk to get it under control quickly and easily.

Isolate Infected Systems

Sophos XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.

Monitor Network Health

XG Firewall not only monitors host network activity, but also receives health status directly from your endpoints so you have constant visibility into the health of your entire network.

Identify Infected Systems

XG Firewall instantly alerts you to compromised systems on your network with full details including the IP address, the user, and the process, so you're not left digging for information.

Automatically Isolate Infections

XG Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling you to automatically limit access to sensitive network resources from any compromised system until it's cleaned up.

A Firewall That Thinks Like You

So you don’t need to think like a firewall.

We’ve rethought the way firewall rules and security policies are managed. Sophos XG implements an all-new powerful and flexible unified security and control model that enables you to see and manage all your user, application and network policies in a single place on a firewall rule basis.

Most firewall products will have you setting up and managing security across multiple modules or screens. Not Sophos. We provide a powerful unified security model that allows you to easily establish and manage your security posture in one place.

XG Firewall makes it easy to manage all your network security in one place including your network and user-based firewall rules alongside all your web application firewall protection for business applications and servers, as well as your NAT rules.

An industry first, Sophos Security Heartbeat links your endpoints and your firewall to combine their intelligence to immediately identify systems compromised by advanced threats, enabling you to establish policies that automatically isolate or limit infected systems until they can be cleaned up.

If you’re like most network admins, you’ve probably wondered whether you have too many firewall rules, and which ones are really necessary and which ones are not actually being used. With Sophos XG Firewall, you don’t need to wonder anymore.

Pre-defined policy templates let you protect common applications like Microsoft Exchange or Sharepoint fast. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/ outbound firewall rules and security settings for you automatically.

Complete Next-Gen Protection

All the advanced networking, protection, user, and app controls you need to stay secure and compliant.

Two-factor authentication (2FA) one-time password support for access to key system areas, including IPsec and SSL VPN, the user portal, and the web administration console.

Application Control

Complete application visibility and control over all applications on your network with deep-packet scanning technology and Synchronized App Control that can identify all the applications that are currently going unidentified on your network.

Visibility and control over thousands of applications via customizable policy templates with granular controls and smart filter lists that enable you to build custom policies based on category, risk, technology, or other characteristics.

Synchronized App Control provides a breakthrough in network visibility by identifying all the applications that are unknown, unidentified, or generic on your network enabling you to classify and control them. Prioritize the apps you want and block the ones you don’t.

User-based application policies enables custom-tailored application control to be added to any user, group, or network policy with the option to also apply traffic shaping.

HTTPS scanning deep scans encrypted application traffic for browsers and related micro-apps to control chat, messaging, posts, file transfers, and other web and social media apps.

Web Control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.

Flexible, user-based monitoring and control of keyword content and downloadable content, including files types via FTP, HTTP, or HTTPS.

Web keyword monitoring can log and dynamically block content matching uploaded keyword libraries regardless of the site category to help identify problematic or risky behavior related to topics like self-harm, radicalization, bullying, and more.

File download filtering templates let you control hundreds of different files, executables, and dynamic content types simply as part of any user or network web control policy.

Outbound email DLP that's policy-based can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

Identifies suspicious payloads such as PDFs, Office Docs, and executables entering the network via email or the web and sends those to the cloud sandbox for extensive machine learning based analysis and remote execution to convict zero-day payloads before they enter your network.

Great value, affording you all the benefits of enterprise-grade protection without the enterprise price tag.

Detailed threat reports for every incident so you know exactly what’s going on.

Anti-Malware

Sophos' award-winning, high-performance anti-malware engine is backed by SophosLabs and a 30-year history of protecting enterprises from the latest threats.

SophosLabs, the global, round-the-clock threat research operation, identifies thousands of newly infected websites and instances of web malware, ensuring you have the best malicious site database protecting your network and users.

Security Heartbeat: XG Firewall monitors the Security Heartbeat status of all your Sophos Endpoints, enabling you to quickly identify compromised systems and automatically limit network access for these systems until they can be cleaned up.

Destination Heartbeat Protection, controls access to endpoints and servers based on the status of their Heartbeat – further bolstering protection from potentially compromised systems until they are completely safe.

Synchronized App Control a breakthrough in network visiblity, utilizes the Synchronized Security relationship to automatically identify, classify and control unknown applications on your network.

Flexible bridging options allow device ports to be bridged to share a common address space, and fail-open bypass ports allow bridged inline deployments with no disruption.

IPv6 Certified support throughout for interfaces, routing, and tunneling, including 6-in-4, 6-to-4, 4-in-6, IPv6 rapid deployment (6rd), and IPv6 through IPSec tunneling.

Segmentation

Flexible and powerful segmentation options via zones and VLANs provide ways to separate levels of trust on your network while enabling added protection against lateral movement between different parts of your network. Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

Default zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi make it easy to get up and running quickly and easily with support for custom zones on the LAN or DMZ.

Full VLAN support provides powerful segmentation options by trust, traffic type, location, and other criteria across your physical network infrastructure.

Zone and VLAN isolation ensures zones are isolated until firewall rules are explicitly created to enable secure exchange of application, user, and network traffic to pass between them.

Secure encryption with support for all the latest standards including WPA2 personal and enterprise.

Performance

Sophos XG Firewall offers among the highest price per protected Mbps of any firewall on the market as proven by NSS Labs recent testing. XG Firewall combines performance-optimized technologies at every point in the firewall processing chain that leverage Intel’s multi-core processing platform.

FastPath packet optimization improves firewall scanning performance by 200% or more by automatically putting secure traffic on the fast path after the initial content is identified, scanned, and determined to be safe and compliant.

Two-factor authentication (2FA) one-time password support for access to key system areas, including IPsec and SSL VPN, the user portal, and the web administration console.

Application Control

Complete application visibility and control over all applications on your network with deep-packet scanning technology and Synchronized App Control that can identify all the applications that are currently going unidentified on your network.

Visibility and control over thousands of applications via customizable policy templates with granular controls and smart filter lists that enable you to build custom policies based on category, risk, technology, or other characteristics.

CASB cloud app visibility identifies all browser applications and cloud services to identify Shadow IT and data at risk to get it under control quickly and easily.

Synchronized App Control provides a breakthrough in network visibility by identifying all the applications that are unknown, unidentified, or generic on your network enabling you to classify and control them. Prioritize the apps you want and block the ones you don’t.

User-based application policies enables custom-tailored application control to be added to any user, group, or network policy with the option to also apply traffic shaping.

Web Control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.

Potentially unwanted app control protects your network from cryptomining and cryptojacking embedded in websites as well as a variety of other unwanted web borne applications

Content Control

Flexible, user-based monitoring and control of keyword content and downloadable content, including files types via FTP, HTTP, or HTTPS.

Web keyword monitoring can log and dynamically block content matching uploaded keyword libraries regardless of the site category to help identify problematic or risky behavior related to topics like self-harm, radicalization, bullying, and more.

File download filtering templates let you control hundreds of different files, executables, and dynamic content types simply as part of any user or network web control policy.

Outbound email DLP that's policy-based can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

Sophos Sandstorm Cloud Sandbox

Sophos Sandstorm uses next-gen cloud-sandbox technology with the best technology from Intercept X, providing your organization with the best protection against zero-day threats like the latest ransomware and targeted attacks coming in through phishing, spam, or web downloads.

Identifies suspicious payloads such as PDFs, Office Docs, and executables entering the network via email or the web and sends those to the cloud sandbox for extensive machine learning based analysis and remote execution to convict zero-day payloads before they enter your network.

Powered by deep learning and other technology from our leading Intercept X next-gen endpoint product including exploit detection and CryptoGuard protection stops zero-day threats before they get on your network.

Great value, affording you all the benefits of enterprise-grade protection without the enterprise price tag.

Detailed threat reports for every incident so you know exactly what’s going on.

Anti-malware

Sophos' award-winning, high-performance anti-malware engine is backed by SophosLabs and a 30-year history of protecting enterprises from the latest threats.

Potentially unwanted app control protects your network from cryptomining and cryptojacking embedded in websites as well as a variety of other unwanted web borne applications.

SophosLabs, the global, round-the-clock threat research operation, identifies thousands of newly infected websites and instances of web malware, ensuring you have the best malicious site database protecting your network and users.

Security Heartbeat: XG Firewall monitors the Security Heartbeat status of all your Sophos Endpoints, enabling you to quickly identify compromised systems and automatically limit network access for these systems until they can be cleaned up.

Destination Heartbeat Protection, controls access to endpoints and servers based on the status of their Heartbeat – further bolstering protection from potentially compromised systems until they are completely safe.

Synchronized App Control a breakthrough in network visiblity, utilizes the Synchronized Security relationship to automatically identify, classify and control unknown applications on your network.

Flexible bridging options allow device ports to be bridged to share a common address space, and fail-open bypass ports allow bridged inline deployments with no disruption.

IPv6 Certified support throughout for interfaces, routing, and tunneling, including 6-in-4, 6-to-4, 4-in-6, IPv6 rapid deployment (6rd), and IPv6 through IPSec tunneling.

Segmentation

Flexible and powerful segmentation options via zones and VLANs provide ways to separate levels of trust on your network while enabling added protection against lateral movement between different parts of your network. Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

Default zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi make it easy to get up and running quickly and easily with support for custom zones on the LAN or DMZ.

Full VLAN support provides powerful segmentation options by trust, traffic type, location, and other criteria across your physical network infrastructure.

Zone and VLAN isolation ensures zones are isolated until firewall rules are explicitly created to enable secure exchange of application, user, and network traffic to pass between them.

Secure encryption with support for all the latest standards including WPA2 personal and enterprise.

Performance

Sophos XG Firewall offers among the highest price per protected Mbps of any firewall on the market as proven by NSS Labs recent testing. XG Firewall combines performance-optimized technologies at every point in the firewall processing chain that leverage Intel’s multi-core processing platform.